Insight: The 'jihobbiests' that run ISIS's social accounts

A new report from Deep and Dark Web intelligence company, Flashpoint titled Hacking for ISIS: The Emergent Cyber Threat Landscape [PDF] looks at the history and gradual unification of disparate pro-ISIS hacking collectives. These merged into the “United Cyber Caliphate,” on 4th April 2016 and mostly use social accounts to generate as much mayhem – and publicity – as possible.

The complex history, numerous characters and convoluted structure is strongly reminiscent of numerous far right groups that exist through Europe. While the report addresses how far they’ve come and where they’re likely to go in the future. It concludes that actors’ “skills levels” are low.

This was not, of course, true of the original ‘founder’ Junaid Hussain (a.k.a. Abu Hussain Al Britani) who launched initiatives and spearheaded the ISIS supportive hacking movement.

“[His] background in hacking allowed him to establish and grow the effort from the ground up. However, many of those who are following in Hussain’s footsteps (as he was killed in an August 2015 airstrike) do not have this prior technical knowledge and therefore demonstrate a low skill level.”

This means the majority of individuals involved can be described as more ISIS ‘fan boys’ – or ‘jihobbiests’ – who identify with ISIS’s message but lack technical abilities. They are not hacking ‘professionals’ at present but it won’t be long before that situation changes.

“One key to these individuals’ growth and maturation as sophisticated hackers is their ability to attract outside or pre-existing talent – whether that means using unaffiliated hackers or recruiting sympathisers who happen to have a relevant tech background,” says Kassirer.

“The second path toward growth for these actors is simply continued learning. At Flashpoint, we regularly watch these individuals actively cultivating their skills, learning from meticulous tech manuals and guidelines posted on ISIS Deep Web forums and Telegram channels, with readers sometimes asking questions and engaging the authors. Just as jihadists have taken to the internet for years to learn how to build explosives for physical attacks, they are doing the same to foster the skills necessary to launch cyberattacks,” he adds.

The report demonstrates that, to date, cyber actors have primarily launched attacks on government, banking and media targets in order to achieve maximum publicity. What surprises me is that they haven’t attacked critical infrastructure – like power supplies – yet. These are often unsecured and would cause immense terror to the general population.

“This is due to a lack of ability,” says Kassirer. “State sponsored hackers are likely able to attack critical infrastructure, but they are bound by the nations that they serve and the international implications or consequences that would come from doing so. Pro-ISIS hackers, on the other hand, are non-state actors that are not bound by these restrictions and whose ultimate goal is to cause as much damage and terror as possible. Therefore, it seems to be a simple case of ‘if they could, they would’.”

So, what can be done about all this? The Twitter accounts highlighted in the report have certainly been taken down but Kassirer stresses: “Just removing content isn’t enough to mitigate the risk posed by this community; they are relentless and resourceful, so it ultimately becomes a game of whack a mole.”

He concludes: “Cooperation between government and tech companies is crucial in effectively combatting such a quickly evolving adversary.”